The Kennel Club has issued guidance to registered societies on the General Data Protection Regulation (GDPR) which will come into force throughout the EU on 25th May 2018. The EU’s objective is to harmonise data protection laws and allow for free movement of data within the EU.
The GDPR, which represents the first major overhaul of data processing law in 20 years, will have what is known as ‘direct effect’ and immediately replace data protection legislation in the UK. However, the UK is currently preparing its own draft Data Protection Bill; both to allow for permitted variations from the GDPR and so that the provisions of the GDPR will remain as part of UK law after Brexit.
To keep things in perspective, the central principles for data processing will not change. These principles are:
- Lawful, fair and transparent processing
- Specific and legitimate purpose
- Adequate, relevant and limited to what is necessary (no more than is needed/not ‘just in case’)
- Accurate and up to date
- Retained only for as long as is necessary
- Data security
- Accountability – meaning that it is not just important to comply but to be able to demonstrate/to be seen to be compliant.
There is an expansion in the scope of individual rights which will be protected by ‘privacy by default’ and ‘privacy by design’ – with privacy first and foremost rather than as an afterthought. From a marketing perspective, the major shift is that it will no longer be possible to rely on assumed or passive consent for marketing – it will need to be active and specific.
It is important for clubs and societies to be aware of the way in which data must be handled in line with the requirements under the GDPR. Whilst it may seem complex, there are some relatively straightforward immediate steps which will help clubs to get in shape for GDPR.
The Information Commissioner has given some reassurance that it intends to implement the law with a sense of proportion and perspective, as it does now. It will educate and advise a ‘carrot not stick’ approach. Even so, a society’s reputation and building trust with members, judges and exhibitor/competitors is important.
A measured approach should mean that this does not have to be an onerous task for most clubs and societies.
The Kennel Club will shortly issue some guidance to help steer clubs and societies through a ‘GDPR readiness’ plan which will provide an overview of the GDPR and some templates so that societies can conduct a data audit, in order to document what data is actually being processed.
The guidance will ask the ‘five Ws’ – WHOSE data, WHAT data, WHY the data is being used, WHEN is it processed and WHERE is it stored? From this a privacy notice can be compiled, which will spell out the lawful basis for processing of data – and which is a requirement under the GDPR.
Caroline Kisko, Kennel Club Secretary, said: “We hope the guidance will help demystify what is needed to be ready for the GDPR. The Kennel Club will provide further guidance individually as appropriate – and we urge direct consultation with the Information Commissioner as a free and reliable resource.”